Get a safe password

Giant Admin for a Day

London, Jan 21 (ANI): A data security firm has unveiled the ten most commonly used passwords on the web.

To reach the conclusion, Imperva analysed around 32 million passwords that had been exposed in a recent hack of the RockYou website.

Last year a hacker had breached the site's company database, gaining access to the unencrypted usernames and passwords of all its 32 million users.

Now, after studying the breach the firm has come up with a list of the most commonly used passwords which website users should avoid, reports The Telegraph.

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second-or 1000 accounts every 17 minutes," said Amichai Shulman, Imperva's chief technical officer.

"Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like '123456'," he added.

"The problem has changed very little over the past 20 years. It's time for everyone to take password security seriously; it's an important first step in data security," he said.

Administrator

Back at the dawn of the Web, the most popular account password was “12345.”

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

“This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are also examining the data.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”

Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, by making guesses at an acceptable rate, for instance.

To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.

Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-1990s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”

Super Moderator

Repeated Pattern
Repeated characters or patterns can make your password more predictable.

Possibly a Word
Your password looks like it could be a dictionary word or a name.
If it's a name with personal significance it might be easy to guess.
If it's a dictionary word it could be cracked very quickly.

Character Variety: Just Letters
Your password only contains letters. Adding numbers and symbols can make your password more secure.

Length: Long

New Member

Another site is: https://shouldichangemypassword.com/
It will let you see if your email features on any of the (known) leaked password lists produced by hackers. It has a 10-step guide telling you what to do if you have been compromised.

Administrator

Thanks to our members for the tips.
It is a very wise move to REGULARLY change our passwords. There are a lot of people on the internet who would like to have our passwords so changing them is always a good move.

A "safe" password is usually at least 15 characters long.

A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard.

The safest way is to use a combination of letters AND numbers.

One of the best ways to help protect ourselves is to REGULARLY change our passwords.

Contrary to popular opinion it is ok to write down our passwords so we can remember them, PROVIDED this information is kept safe and secure.

Worst Passwords of 2013 list

The 2013 list of worst passwords, influenced by postings from the Adobe breach, demonstrates the importance of not basing passwords on the application or website being accessed

LOS GATOS, CA – SplashData has announced its annual list of the 25 most common passwords found on the Internet. For the first time since SplashData began compiling its annual list, "password" has lost its title as the most common and therefore Worst Password, and two-time runner-up "123456" took the dubious honor. "Password" fell to #2.

According to SplashData, this year's list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe's well publicized security breach.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," says Morgan Slain, CEO of SplashData.

SplashData's list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Some other passwords in the Top Ten include "qwerty," "abc123," "111111," and "iloveyou."

"Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," Slain said. For example, new to this year's list are simple and easily guessable passwords like "1234" at #16, "12345" at #20, and "000000" at #25.

SplashData, provider of the SplashID Safe line of password management applications, releases its annual list in an effort to encourage the adoption of stronger passwords. "As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

SplashData suggests making passwords more secure with these tips:

Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPx$" can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cakes years birthday" or "smiles_light_skip?"
Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.

Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10 year history and over 1 million users. SplashID Safe has versions available for Windows and Mac as well as smartphones and tablet devices.

About SplashData, Inc.

SplashData has been a leading provider of password management applications for over 10 years. SplashID Safe (www.splashid.com) has grown to be the most trusted multi-platform password solution for both the consumer and enterprise markets with over 1 million users worldwide. SplashID Safe's popularity continues to rise as the number of user names, passwords, and account numbers most people have to remember is rapidly multiplying. At the same time, the risk of this kind of sensitive information falling into the wrong hands has never been greater. SplashID Safe helps solve this dilemma by creating an encrypted digital safe available on smartphones, computers, USB keys, or online, offering the peace of mind of being able to access critical information whenever needed while maintaining the security of 256-bit encryption. SplashData was founded in 2000 and is based in Los Gatos, CA.

Microsoft has admitted that a number of legal documents were stolen during recent phishing attacks on its staff and company accounts.

The firm has been hit repeatedly by the Syrian Electronic Army in recent weeks, with both Microsoft's blogs and Skype accounts hit during the attacks.

The company has now provided more insight into the effect of these attacks, with Adrienne Hall, general manager for Trustworthy Computing Group, explaining in a blog post that it would be talking to those affected as more information comes to light.

"We have learned that there was unauthorised access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen," she wrote.

"If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents."

Hall also confirmed that Microsoft is stepping up its efforts to beat cyber criminals, including better staff training and awareness of the threats they face.

"We continue to further strengthen our security," she said. "This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation."

The incident underlines the perils facing businesses of all sizes – and the need for strong passwords and staff education – with even a tech giant such as Microsoft caught out by cyber attacks and phishing scams.

The series of usernames and passwords used to execute the attack was likely collected from a compromised third-party database. Yahoo! already sent e-mails prompting affected clients to reset passwords. Notifications are also sent via SMS texts if mobile numbers were linked to the accounts.

Change Passwords Now; Yahoo! Mail Got Hacked Again

“We have no evidence that they were obtained directly from Yahoo’s systems,” said Yahoo’s SVP Platforms and Personalization Products Jay Rossiter. “Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

The tech company is working with federal law enforcement to find and prosecute the hackers responsible for the attack. In July 2012, more than 450,000 e-mail addresses and passwords were stolen from Yahoo! after hackers managed to breach the service.

“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” Yahoo! said at the time.

After the latest attack, the company said: “We regret this has happened and want to assure our users that we take the security of their data very seriously.”

Bitdefender researchers recently spotted several bad ads injected in Yahoo! Insider through malvertising techniques. In May 2013, Yahoo! Mail also got blocked by browsers in a complex malvertising chain reaction.

Users are advised to reinforce their passwords and change them regularly. They may also enable two-factor authentication, which requires a code texted to their mobile phone whenever a login attempt is made from a new computer.

In January, the word “password” was ousted by “123456” as the most popular (and worst) password in 2013, after two years in the spotlight.
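
Several pieces of advice quoted in this thread (refuse common passwords, do not base a password on the name of the site, and simple letter-for-digit swaps add little) can be checked by a site when a password is chosen. The sketch below is an added example, not code from any of the quoted articles or vendors; the function names, the short blocklist built from passwords named above, the substitution table and the 12-character minimum are assumptions.

```python
import re

# Constructed sample blocklist: only passwords named in the articles above.
# A real deployment would load a far larger breached-password list.
COMMON = {"123456", "12345", "password", "qwerty", "abc123", "iloveyou",
          "princess", "111111", "1234", "000000", "adobe123", "photoshop"}

# Undo the usual letter-for-digit swaps so "p@ssw0rd" is screened as "password".
# Assumed table: 0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, 7->t.
LEET = str.maketrans("01345@$7", "oieasast")


def normalise(pw):
    """Lower-case the password and reverse common substitutions."""
    return pw.lower().translate(LEET)


def has_repeated_pattern(pw):
    """True when the whole password is one short unit repeated ("abcabcabc")."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None


def screen_password(pw, site_names=(), min_length=12):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    low = pw.lower()
    plain = normalise(pw)
    if len(pw) < min_length:
        reasons.append("too short")
    if low in COMMON or plain in COMMON:
        reasons.append("common password")
    if has_repeated_pattern(low):
        reasons.append("repeated pattern")
    # Catch "adobe123"-style choices, including disguised ones like "Ad0be...".
    if any(n.lower() in low or n.lower() in plain for n in site_names):
        reasons.append("based on site name")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "Ad0be-rocks-2014",
                      "abcabcabcabc", "cakes years birthday"]:
        print(repr(candidate), screen_password(candidate, site_names=["adobe"]))
```
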